CVE-2026-7788: Path Traversal in Axle-Bucamp MCP-Docusaurus
CVE-2026-7788 is a path traversal vulnerability in Axle-Bucamp MCP-Docusaurus affecting functions that handle document paths. The flaw allows remote attackers to manipulate the DOCS_DIR/path argument to access unauthorized files. The vulnerability has a medium severity with a CVSS 4.0 score of 6.9. The project uses a rolling release model, so specific affected or fixed versions are not clearly identified. The vendor has not yet responded or provided a patch. Exploit code has been publicly released, but no known active exploitation in the wild has been reported.
AI Analysis
Technical Summary
This vulnerability exists in the update_document, continue_document, delete_document, and get_content functions within app/routes/document.py of Axle-Bucamp MCP-Docusaurus up to commit 404bc028e15ec304c9a045528560f4b5f27a17e0. By manipulating the DOCS_DIR/path argument, an attacker can perform path traversal, potentially accessing files outside the intended directory. The vulnerability can be triggered remotely without authentication or user interaction. The product follows a rolling release model, complicating precise version tracking. No official remediation or patch has been published, and the vendor has not responded to the issue report. Public exploit code is available, increasing the risk of attack.
Potential Impact
Successful exploitation allows an unauthenticated remote attacker to perform path traversal, potentially reading or modifying files outside the intended document directory. This could lead to unauthorized data disclosure or modification. The CVSS 4.0 base score is 6.9, indicating a medium severity impact with low vector complexity and no required privileges or user interaction. There is no evidence of active exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded or provided a fix, users should monitor the project repository for updates. Until a fix is available, consider implementing access controls or input validation at the deployment environment level to restrict path traversal attempts. Avoid exposing vulnerable endpoints to untrusted networks if possible.
CVE-2026-7788: Path Traversal in Axle-Bucamp MCP-Docusaurus
Description
CVE-2026-7788 is a path traversal vulnerability in Axle-Bucamp MCP-Docusaurus affecting functions that handle document paths. The flaw allows remote attackers to manipulate the DOCS_DIR/path argument to access unauthorized files. The vulnerability has a medium severity with a CVSS 4.0 score of 6.9. The project uses a rolling release model, so specific affected or fixed versions are not clearly identified. The vendor has not yet responded or provided a patch. Exploit code has been publicly released, but no known active exploitation in the wild has been reported.
CVSS v4.0
Score 6.9medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in the update_document, continue_document, delete_document, and get_content functions within app/routes/document.py of Axle-Bucamp MCP-Docusaurus up to commit 404bc028e15ec304c9a045528560f4b5f27a17e0. By manipulating the DOCS_DIR/path argument, an attacker can perform path traversal, potentially accessing files outside the intended directory. The vulnerability can be triggered remotely without authentication or user interaction. The product follows a rolling release model, complicating precise version tracking. No official remediation or patch has been published, and the vendor has not responded to the issue report. Public exploit code is available, increasing the risk of attack.
Potential Impact
Successful exploitation allows an unauthenticated remote attacker to perform path traversal, potentially reading or modifying files outside the intended document directory. This could lead to unauthorized data disclosure or modification. The CVSS 4.0 base score is 6.9, indicating a medium severity impact with low vector complexity and no required privileges or user interaction. There is no evidence of active exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded or provided a fix, users should monitor the project repository for updates. Until a fix is available, consider implementing access controls or input validation at the deployment environment level to restrict path traversal attempts. Avoid exposing vulnerable endpoints to untrusted networks if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-04T16:47:35.469Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f9347fcbff5d86105865b0
Added to database: 5/5/2026, 12:06:23 AM
Last enriched: 5/12/2026, 6:27:27 AM
Last updated: 6/18/2026, 5:20:50 AM
Views: 73
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.